
Microsoft EMET Blocking Agent Service from Starting

Version

7.x

Issue

When Microsoft EMET is installed, the Carbon Black Protection Agent (Bit9 Agent) service fails to start and you receive the error below.

Symptoms

Services fail to start with the error message:

Windows could not start the Bit9 Agent Service on the Local Computer.

Error 1503: The service did not respond to the start or control request in a timely fashion

Cause

The cause is forced memory mapping by EMET. This is normally a security feature, but the Agent does not allow memory injection or allocation, so it fails to load correctly.

Solution

Listed below are the steps to configure EMET to allow the service to start. The steps were created using EMET 5.5, so some options may differ from your current version:

  1. Open the EMET GUI.
  2. Select "Apps" at the top of the GUI.
  3. Check the listing for Parity.exe. If it is not listed, continue to the next step. If it is already listed, skip to step 5.
  4. Add the executable C:\Program Files (x86)\Bit9\Parity Agent\Parity.exe to the list by clicking Add Application and navigating to that directory.
  5. Next to Parity.exe, uncheck the checkboxes for EAF, EAF+ and MandatoryASLR.
  6. Click OK after making the changes and attempt to start the Bit9 Agent service.
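
The same change can be scripted with EMET's command-line tool, EMET_Conf.exe, which helps when many endpoints need it. This is an added example, not part of the original article; the EMET install path and the display-name wildcard used to find the service are assumptions. It turns off only the three mitigations named in step 5 and leaves every other mitigation on Parity.exe as configured.

```powershell
#Requires -RunAsAdministrator
# Added example: command-line equivalent of GUI steps 1-6 above.

# Assumed default install location for EMET 5.5; adjust to your system.
$emetConf = 'C:\Program Files (x86)\EMET 5.5\EMET_Conf.exe'
# Agent executable path, taken from step 4 of the article.
$agentExe = 'C:\Program Files (x86)\Bit9\Parity Agent\Parity.exe'

foreach ($path in $emetConf, $agentExe) {
    if (-not (Test-Path -LiteralPath $path)) {
        throw "Required file not found: $path"
    }
}

# Steps 3-5: a leading '-' turns a mitigation off for this one application.
# Only EAF, EAF+ and MandatoryASLR are listed, matching step 5.
$optOut = '-EAF', '-EAF+', '-MandatoryASLR'
& $emetConf '--set' $agentExe @optOut

# Show the resulting entry so the change can be reviewed before continuing.
& $emetConf '--list' | Select-String -SimpleMatch 'Parity.exe'

# Step 6: start the agent service and report its state.
# The display-name wildcard is an assumption based on the error text above.
$service = Get-Service -DisplayName 'Bit9 Agent*' -ErrorAction Stop
if ($service.Status -ne 'Running') {
    Start-Service -InputObject $service
}
$service.Refresh()
'{0}: {1}' -f $service.DisplayName, $service.Status
```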
Creation Date: 09-13-2016